That paper is online here. It was written as part of Lenny Zeltser's GCIH certification prcess. In other words, it was written for SANS. His homepage is http://www.zeltser.com/ . He has some neat toys and some other really good papers on his site, including one about intrusion detection.